Apache command cheatsheet

Find DB Version

mariadb --version
mysql --version

When you're running your own LAMP stack on a VPS, having a cheatsheet like this for Apache may come in handy, especially when the rubber hits the road.

Stop your web server

sudo systemctl stop apache2

Start the web server when it is stopped, type:

sudo systemctl start apache2

Stop and then start the service again, type:

sudo systemctl restart apache2

Reload without dropping connections.

sudo systemctl reload apache2

Re-enable the service to start up at boot, type:

sudo systemctl enable apache2

Enable a site's configuration file with the a2ensite tool:

sudo a2ensite your_domain.conf

Disable the default site defined in 000-default.conf:

sudo a2dissite 000-default.conf

Test for configuration errors:

sudo apache2ctl configtest

Reboot: to reboot a server from the command line, run:

sudo shutdown -r now

By default, Apache is configured to start automatically when the server boots. If this is not what you want, disable this behavior by typing:

sudo systemctl disable apache2

Query the state of apache processes

sudo systemctl status apache2.service -l --no-pager

Check apache for config errors

sudo apachectl configtest

Search apache error log

This shows only the last 2 lines of the log:

sudo tail -n 2 /var/log/apache2/error.log

View apache error log

vim /var/log/apache2/error.log

Troubleshooting

Apache not starting

Find out what the problem is:

sudo apachectl configtest

Whenever I delete certificates and then restart the server, Apache fails to start up because some of the certificate files still need to be deleted. All the details for this are output in the configtest log.

UFW

It’s so satisfying and much cheaper to host your own websites on a self-managed barebones VPS. But if you’re going to host your own websites, you will need to have a firewall running to protect your website from hackers.

Luckily, UFW, the default firewall on Linux distributions, makes the process of enabling a firewall simple.

What is a website firewall?

A website firewall is a security solution designed to monitor, filter, and block malicious traffic to a website. It helps protect against various online threats, such as hacking attempts, DDoS attacks, and other types of cyber threats by analyzing and filtering incoming web traffic.

What is UFW?

Uncomplicated Firewall (UFW) is a user-friendly command-line interface for managing iptables, which is the default firewall management tool in many Linux distributions. UFW is designed to simplify the process of configuring a firewall by providing a straightforward syntax.

Enable Firewall

sudo ufw enable

Disable Firewall

sudo ufw disable

Status

See what rules are in place

sudo ufw status

Get a bit more information

sudo ufw status verbose

Allow a range of IPs

sudo ufw allow proto tcp from 104.245.210.224/28 to any port 22

Allow a range of IPs with a dry run

sudo ufw --dry-run allow proto tcp from 104.245.210.224/28 to any port 22

Reset all UFW rules

Go back to the default UFW configuration and start configuring your rules again:

sudo ufw reset

Allow access to a specific port

sudo ufw allow from 1.2.3.4 to any port 7080

To view all blocked threats using Uncomplicated Firewall (ufw), you can check the firewall logs. UFW tags each blocked packet with [UFW BLOCK]; with logging turned on (sudo ufw logging on), Ubuntu usually writes these entries to /var/log/ufw.log. Use the following command in the terminal:

sudo grep 'UFW BLOCK' /var/log/ufw.log

This command filters the log to show only the blocked entries, providing information about blocked threats or unauthorized access attempts.
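
An added example, not part of the original post: UFW marks each dropped packet in the log with [UFW BLOCK], and the script below counts those entries per source address, protocol and destination port. The log lines are constructed samples using documentation addresses and a made-up host name; on a live Ubuntu host the assumed input would be /var/log/ufw.log.

```shell
#!/bin/sh
# Added example: count "[UFW BLOCK]" log entries per source, protocol and port.

# Constructed sample in the kernel-log format UFW uses. Addresses come from the
# documentation ranges and the host name is made up.
sample_log() {
cat <<'EOF'
Feb 10 06:25:01 web1 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 LEN=40 PROTO=TCP SPT=51234 DPT=22 SYN URGP=0
Feb 10 06:25:03 web1 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 LEN=40 PROTO=TCP SPT=51240 DPT=22 SYN URGP=0
Feb 10 06:25:09 web1 kernel: [UFW ALLOW] IN=eth0 OUT= SRC=192.0.2.15 DST=198.51.100.10 LEN=60 PROTO=TCP SPT=40022 DPT=443 SYN URGP=0
Feb 10 06:26:40 web1 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.23 DST=198.51.100.10 LEN=44 PROTO=TCP SPT=33871 DPT=7080 SYN URGP=0
Feb 10 06:27:12 web1 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.10 LEN=84 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
Feb 10 06:31:55 web1 kernel: [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 LEN=40 PROTO=TCP SPT=51302 DPT=22 SYN URGP=0
EOF
}

# Reads log text from the named files, or from stdin when none are given.
# Prints "count source protocol port", busiest combination first.
summarize_ufw_blocks() {
  awk '
    /\[UFW BLOCK\]/ {
      src = proto = dpt = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^SRC=/)   src   = substr($i, 5)
        if ($i ~ /^PROTO=/) proto = substr($i, 7)
        if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
      }
      if (src == "") next            # not a packet line
      if (dpt == "") dpt = "-"       # ICMP and similar carry no port
      hits[src " " proto " " dpt]++
    }
    END { for (k in hits) print hits[k], k }
  ' "$@" | LC_ALL=C sort -k1,1nr -k2
}

sample_log | summarize_ufw_blocks
```

Allowed traffic logged as [UFW ALLOW] is ignored, so the summary reflects only what the firewall dropped.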

Create sudo user

Creating a Non-Root Sudo User for Apache

This guide will walk you through creating a new user with sudo privileges specifically for managing your Apache web server.

Step 1: Create a New User

First, you’ll create a new user account on your system. Choose a descriptive username, like apache-admin. Open your terminal and run the following command as the root user or a user with sudo privileges:

sudo adduser apache-admin

You’ll be prompted to set a password for this new user and optionally provide other information. Make sure to choose a strong, unique password.

Step 2: Add the User to the sudo Group

To allow the new user to execute commands with superuser privileges, you need to add them to the sudo group. Use the following command:

sudo usermod -aG sudo apache-admin

This command adds the apache-admin user to the sudo group.

Step 3: Grant Specific Permissions for Apache

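Instead of giving the user full sudo access, it’s best practice to grant only the necessary permissions for managing Apache. Membership of the sudo group from Step 2 already grants full sudo access on Debian and Ubuntu, so the rule below limits the account to these commands only if the user is left out of that group. To add the rule, you’ll need to edit the sudoers file. Use the visudo command to edit this file safely. This command locks the file to prevent multiple edits and checks for syntax errors upon saving.

sudo visudo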

This will open the sudoers file in your default text editor (usually nano or vi). Be very careful when editing this file. Incorrect syntax can lock you out of your system.

Add the following line to the end of the file (or within the user privilege specification section), replacing /usr/sbin/apachectl with the actual path to your apachectl executable if it differs (you can usually find this with which apachectl):

apache-admin ALL=(root) NOPASSWD: /usr/sbin/apachectl, /usr/sbin/service apache2 *

Explanation of the line above:

  • apache-admin: Specifies the user this rule applies to.
  • ALL=(root): Allows the user to run commands as the root user.
  • NOPASSWD:: Specifies that no password is required for the following commands. Use this cautiously and only for specific, necessary commands.
  • /usr/sbin/apachectl: Allows the user to execute the apachectl command.
  • /usr/sbin/service apache2 *: Allows the user to use the service command to manage the apache2 service (start, stop, restart, etc.). Note: The service name might be different on your system (e.g., httpd). Adjust accordingly.

Step 4: Save and Exit visudo

After adding the line, save the changes and exit the text editor. If you used nano, press Ctrl+X, then Y to confirm saving. If you used vi, press Esc, then type :wq and press Enter.

Step 5: Test the New User

Now, switch to the new apache-admin user:

su - apache-admin

Try running Apache-related commands using sudo without a password:

sudo apachectl configtest
sudo service apache2 status
sudo service apache2 restart

If everything is configured correctly, these commands should execute without prompting for a password.

Important Security Considerations:

  • Grant only the necessary permissions. Avoid giving the user full sudo access if it’s not required.
  • Carefully verify the paths to the Apache executables on your system.
  • Regularly review your sudoers file to ensure the permissions are still appropriate.
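
One way to carry out that review, as an added example that is not part of the original post: the script below reads sudoers-style rules and reports every entry that allows more than one exact command line. The sample input is constructed, the apache-ops account and its tighter rule are hypothetical, and the parser is simplified (one rule per line, no aliases).

```shell
#!/bin/sh
# Added example: flag sudoers entries broader than "one exact command line".
# Simplified: one rule per line, no aliases or line continuations.

# Constructed sample: the Debian/Ubuntu group rule, the rule from Step 3, and a
# tighter variant (hypothetical account apache-ops) listing exact command lines.
sample_sudoers() {
cat <<'EOF'
# User privilege specification
Defaults env_reset
%sudo ALL=(ALL:ALL) ALL
apache-admin ALL=(root) NOPASSWD: /usr/sbin/apachectl, /usr/sbin/service apache2 *
apache-ops ALL=(root) NOPASSWD: /usr/sbin/apachectl configtest, /usr/sbin/service apache2 reload
EOF
}

# Reads rules from the named files, or from stdin when none are given.
# Prints tab-separated: who, PASSWD or NOPASSWD, command, reason it is broad.
audit_sudoers() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ || /^[ \t]*(Defaults|@include)/ { next }
    {
      eq = index($0, "=")
      if (eq == 0) next
      who  = $1
      spec = substr($0, eq + 1)
      sub(/^[ \t]*\([^)]*\)/, "", spec)          # drop the (runas) part
      auth = (spec ~ /NOPASSWD:/) ? "NOPASSWD" : "PASSWD"
      gsub(/[A-Z_]+:[ \t]*/, "", spec)           # drop tags such as NOPASSWD:
      n = split(spec, cmds, ",")
      for (i = 1; i <= n; i++) {
        cmd = cmds[i]
        gsub(/^[ \t]+|[ \t]+$/, "", cmd)
        if (cmd == "ALL")        why = "every command"
        else if (cmd ~ /[*?]/)   why = "wildcard in command line"
        else if (cmd !~ /[ \t]/) why = "any arguments accepted"
        else continue            # exact command line: nothing to report
        printf "%s\t%s\t%s\t%s\n", who, auth, cmd, why
      }
    }
  ' "$@"
}

sample_sudoers | audit_sudoers
```

On a live host, run audit_sudoers as root against /etc/sudoers and the files in /etc/sudoers.d, and compare the result with the output of sudo -l -U apache-admin.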

That’s it! You’ve now created a non-root user with specific sudo privileges for managing your Apache web server.

This post is licensed under CC BY 4.0 by the author.